hydra | 08746e95f62e908536615bdfd5d972492c7a3aabc069bb4904f7ca0bb8cbbb72 | Triage

Sharing

General

Target

08746e95f62e908536615bdfd5d972492c7a3aabc069bb4904f7ca0bb8cbbb72.zip
Size

7.3MB
Sample

250325-fpaggsvmw3
MD5

a3b87e2c08ed8d0ce4fa495411e896b7
SHA1

8422c35b3aee269bc1bed9bccb3bc85c56d9609e
SHA256

08746e95f62e908536615bdfd5d972492c7a3aabc069bb4904f7ca0bb8cbbb72
SHA512

d8db36e3b0335f16aee79f620a4f427ba2552b221266d701255fa551b616900f4ea3b7eda5bf40f429905f6cae372e931c6a777590207ceb9eb73d08bebd5e76
SSDEEP

196608:m4W/1GlvG3ycmiFaSZJFCed3smq90Bzp2Hb4S:mj1GlvhcmnQTd0mp21

Score

10^/10

hydra android banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87.apk
- Size
  
  7.4MB
- MD5
  
  9326a01f58049dcd9947e91c71972fba
- SHA1
  
  6686eec12836e010a929df0df3ca87b3d718d348
- SHA256
  
  e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87
- SHA512
  
  7e1a4a26b384b5c611c6927ff5176fa9f75a6ce7488bfd080b7ea461dad7a54a4267f18d11d826de33fb85cde609824350b41ea59b730e116424397e4d7b3a70
- SSDEEP
  
  98304:qKkDrOhNgdgC6j6DhdkFjVddWbRIdymNQn8ohd+rnR7Qw4Z2k7Aa3k4uHrLWOgud:kDahNBC6WCNZyZhd+tO7hDtMkuY6fnBv
Score

10^/10

hydra banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra family
  hydra
- Hydra payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealertrojan